Ask the Experts

Ask the Experts

• How can web shells be used to exploit security tools and servers?

  A web shell from the JexBoss security tool was used to exploit servers through an unpatched JBoss vulnerability. Expert Michael Cobb explains how to prevent similar attacks.  Continue Reading

• How does the Android Trojan Triada infect a device's core processes?

  The Android Trojan Triada has the ability to replace a device's system functions with its own. Expert Michael Cobb explains how to mitigate the effects of this serious threat.  Continue Reading

• Cybersecurity skills: What is the best way to find staff that has them?

  Finding and keeping employees with the right cybersecurity skills is a challenge all organizations face. Expert Mike O. Villegas explains the skills shortage.  Continue Reading

• What's the best way to organize the CISO reporting structure?

  The importance of the CISO reporting structure continues to grow as the importance of the CISO grows. Expert Mike O. Villegas discusses who the CISO should report to.  Continue Reading

• Security startups: What do CISOs need to know before being customers?

  Being a customer of security startups comes with some risk. Expert Mike O. Villegas discusses this risk and how CISOs can dodge the potential issues.  Continue Reading

• Cyberextortion: How should CISOs handle it?

  Organizations need to be aware of the threat of cyberextortion attacks and defend against them. Mike O. Villegas discusses the CISO's role in setting up the defense.  Continue Reading

• How can IP devices like multifunction printers and faxes be secured?

  IP devices like multifunction printers and faxes may be an attack vector. Expert Nick Lewis explains the vulnerabilities, and how to secure them against attacks.  Continue Reading

• How does the AceDeceiver Trojan install itself on iOS devices?

  AceDeceiver is a Trojan that can install itself on iOS devices without any certificates. Expert Nick Lewis explains how it works, and how enterprises can prevent it.  Continue Reading

• How can USB Thief be stopped from infecting air-gapped systems?

  USB Thief, a new type of stealth malware, leaves no trace on air-gapped targets. Expert Nick Lewis explains how the malware works and how enterprises can mitigate attacks.  Continue Reading

• Is the BREACH attack update a threat to Gmail security?

  The BREACH attack has been updated to perform faster data theft. Expert Nick Lewis explains the differences in this attack and the threat level for organizations that use Gmail.  Continue Reading

• How does the new Stagefright exploit Metaphor conduct an ASLR bypass?

  A new Stagefright exploit called Metaphor has been released. Expert Nick Lewis explains its ability to do an ASLR bypass, and what it means for Android device security.  Continue Reading

• Does encrypting data make access harder for regulators?

  Encrypting data going to the cloud is a security best practice, but does it add extra challenges for regulators that might need to access the data? Expert Mike Chapple discusses.  Continue Reading

• Do PCI compliance standards matter when merchants sell off-site?

  Merchants that sell at off-site venues need to take extra care to follow PCI compliance standards. Expert Mike Chapple discusses how organizations can do this.  Continue Reading

• Why is the FTC interested in PCI assessments?

  The FTC's order for PCI DSS compliance assessments is odd since PCI isn't a government regulation. Expert Mike Chapple explains the motivation driving this order.  Continue Reading

• How did a Java security vulnerability with a bad patch go unnoticed?

  An old Java security vulnerability was discovered to have been ineffectually patched. Expert Michael Cobb explains how this happened and what can be done to prevent other bad patches.  Continue Reading

• Will the Google Certificate Transparency tool prevent certificate abuse?

  Google's Certificate Transparency tool publicly logs certificates issued by CAs. Expert Michael Cobb explains how the log viewer works to improve certificate security.  Continue Reading

• Secure web browser options: Does Firefox or Chrome fare better?

  Crowning the most secure web browser is difficult, with research often turning up biased results. Expert Michael Cobb explains how to make a choice based on different surveys.  Continue Reading

• Is the Bitdefender ransomware vaccine an effective method of protection?

  Bitdefender's new ransomware vaccine takes a stab at quelling the rising tide of ransomware attacks. Expert Michael Cobb explains how it works and if it is effective.  Continue Reading

• Why are both symmetric and asymmetric encryption used in OpenPGP?

  OpenPGP uses asymmetric encryption and symmetric encryption for different parts of its process. Expert Michael Cobb explains the purpose of hybrid encryption in message security.  Continue Reading

• What's the best way to communicate about advanced persistent threats?

  Advanced persistent threats are a constant risk for enterprises, so the board needs to know about them. Expert Mike O. Villegas discusses how to effectively communicate about APTs.  Continue Reading

• How can a vendor risk assessment help enterprise security?

  Third-party vendors are necessary for organizations, but with them come more security risks. Expert Mike O. Villegas discusses how vendor risk assessments can help.  Continue Reading

• What are the pros and cons of hiring an ex-hacker?

  Hiring an ex-hacker to join an enterprise security team is a risky move. Expert Mike O. Villegas discusses the potential benefits and drawbacks of this nontraditional hiring move.  Continue Reading

• Are cyberwar games beneficial to test enterprise security?

  Traditional security testing is always recommended, but what about cyberwar games? Expert Mike O. Villegas discusses the best ways to test a security program.  Continue Reading

• How does Locky ransomware use DGA in its attacks?

  Locky ransomware has borrowed features from Dridex malware, which focused on attacking banks. Expert Nick Lewis explains Locky's techniques and how to detect it.  Continue Reading

• How does the Mazar malware take control of Android devices?

  The Mazar malware can wipe an entire Android device once it has been installed. Expert Nick Lewis explains how this malware works, and how attacks can be prevented.  Continue Reading

• How does MouseJack attack wireless mouse security?

  MouseJack, a wireless mouse and keyboard security flaw, allows attackers to type malicious commands. Expert Nick Lewis explains how enterprises can prevent these attacks.  Continue Reading

• How does the EMET 5.0 vulnerability allow attackers to turn it off?

  A vulnerability has been discovered in EMET 5.0 that can be used to turn EMET off. Expert Nick Lewis explains the flaw, and what enterprises can do to maintain security.  Continue Reading

• How has Windows Defender Advanced Threat Protection improved?

  Microsoft has released a new version of Windows Defender Advanced Threat Protection. Expert Nick Lewis explains the new features of this antimalware tool.  Continue Reading

• Are nonprofit organizations subject to FTC data security oversight?

  Are nonprofit organizations, like higher education institutions, subject to FTC data security regulations and oversight? Expert Mike Chapple explains.  Continue Reading

• What social media policy best practices should be followed for healthcare?

  It's important for healthcare organizations to have clear social media policy best practices. Expert Mike Chapple explains what needs to be in the policy to stay HIPAA compliant.  Continue Reading

• Can organizations use a SOC 2 report to help with HIPAA compliance?

  SOC 2 evaluations can be helpful tools for organizations assessing their HIPAA compliance, but companies should not solely rely on them. Compliance expert Mike Chapple explains why.  Continue Reading

• Are Amazon devices running on the latest Fire OS 5 secure?

  Amazon disabled native encryption capabilities in the latest Fire OS version. Expert Michael Cobb explains what this means for security, and if encryption can be reinstated.  Continue Reading

• How did a pirated app bypass Apple's App Store security?

  A pirated app called Happy Daily English beat Apple's App Store security review. Expert Michael Cobb explains how it works and what security teams can do about it.  Continue Reading

• Lenovo SHAREit: How does its hardcoded password vulnerability work?

  The Lenovo SHAREit file-sharing app has a hardcoded password vulnerability, among other issues. Expert Michael Cobb explains these flaws and how to prevent exploits on them.  Continue Reading

• Does mass scanning of the internet do more harm than good?

  Mass scanning of the internet can reveal how pervasive a vulnerability is. Expert Michael Cobb explains how these scans work and what the arguments for and against them are.  Continue Reading

• How can the AirDroid app phone hijacking be prevented?

  A vulnerability in the AirDroid device manager app left users at risk of phone hijacking. Expert Michael Cobb explains how the exploit works, and what can be done to prevent it.  Continue Reading

• Can a tablet security policy help protect enterprise users?

  BYOD isn't a new trend, but tablet security policy is increasingly important as users choose them over laptops for work. Expert Mike O. Villegas discusses tablet security policies.  Continue Reading

• How can a security incident response plan be most effective?

  A security incident response plan is key to preparing for a data breach, but to be effective, the plan needs to be well tested. Expert Mike O. Villegas explains how to do that.  Continue Reading

• What are the benefits of a risk-based framework for security?

  Many organizations use a risk-based framework to help manage their cybersecurity program. Expert Mike O. Villegas discusses the development and benefits of current frameworks.  Continue Reading

• How do chief data officers affect the role of the CISO?

  Chief data officers are becoming more common in enterprises, but how does the presence of this c-level affect the CISO's role? Expert Mike O. Villegas discusses.  Continue Reading

• How does the Trochilus RAT evade detection and sandboxing?

  The new Trochilus RAT can avoid detection in cyberespionage attacks. Expert Nick Lewis explains how it works, and if enterprises need to adapt their security programs.  Continue Reading

• What new Asacub Trojan features should enterprises watch out for?

  The Asacub Trojan has new banking malware features. Expert Nick Lewis explains how it made this transition and what enterprises should be watching out for.  Continue Reading

• Is BlackEnergy malware a threat to U.S. utility companies?

  BlackEnergy malware may have been part of the attacks on Ukrainian utility and media companies. Expert Nick Lewis explains how this malware works and if U.S. companies are at risk.  Continue Reading

• Why wasn't the Java serialization vulnerability patched?

  An old Java serialization vulnerability has popped up again in PayPal's servers. Expert Nick Lewis explains how this vulnerability works and why it had not been patched.  Continue Reading

• How does the Dridex Trojan conduct redirection attacks?

  The new version of the Dridex Trojan share Dyre malware's redirection attack capabilities. Expert Nick Lewis explains how enterprises can prevent these incidents.  Continue Reading

• How can vulnerability scanning tools help with PCI DSS compliance?

  Vulnerability scanning tools are necessary to be fully compliant with PCI DSS, but the tools need to come from a PCI DSS Approved Scanning Vendor. Expert Mike Chapple explains.  Continue Reading

• Mass HIway: What are the security risks for healthcare programs?

  Healthcare clearinghouses like Mass HIway are a new trend in health IT, but what are the security implications? Expert Mike Chapple explains what you need to know.  Continue Reading

• What's wrong with the FFIEC Cybersecurity Assessment Tool?

  The FFIEC Cybersecurity Assessment Tool has faced harsh criticism since its 2015 release. Expert Mike Chapple reviews the tool and how it can be improved.  Continue Reading

• Session cookies: When should they be protected by a salted hash?

  Is cookie encryption enough to protect sensitive information? Expert Michael Cobb explains how salted hashes can prevent attacks, and the secure way to use cookies.  Continue Reading

• Does the Icera modem vulnerability in Blackphones affect other devices?

  A vulnerability was found in the Blackphone's Icera modem. Expert Michael Cobb explains how attackers could hijack the device, and if this would occur in other mobile devices.  Continue Reading

• Oracle Java browser plug-in: How will its death affect enterprises?

  Oracle is killing off the Java browser plug-in due to security risks. Expert Michael Cobb explains the next steps for enterprises with Java-based applications.  Continue Reading

• What security log management best practices should my team follow?

  Security log management includes deciding what log data to retain and the length of time it should be stored. Expert Michael Cobb explains some challenges and best practices.  Continue Reading

• How does the mandatory access control model and application sandboxing differ?

  Mandatory access control and application sandboxing both offer layers of security through controlling access to system resources. Expert Michael Cobb explains what sets each apart.  Continue Reading

• How can networking and security project groups work together better?

  A single pane of glass approach to networking and security projects might be able to improve enterprise security. Expert Mike O. Villegas explains what enterprises need to know about it.  Continue Reading

• What does a security awareness training program need to include?

  An effective security awareness training program can make a significant difference in enterprises security. Expert Mike O. Villegas discusses what makes a good program.  Continue Reading

• How can an external CISO hire overcome new job challenges?

  An external CISO hire can often struggle with the new role and fitting in with the company's existing security program. Luckily, there are ways to overcome these challenges.  Continue Reading

• Are cybersecurity lawyers necessary for organizations?

  Cybersecurity lawyers can help handle a variety of enterprise security issues, but are they necessary? Expert Mike O. Villegas discusses the potential benefits.  Continue Reading

• What do CISO training programs cover and are they worth it?

  CISO training programs, like the Deloitte CISO Transition Lab, are available for those who are new to the role. Expert Mike O. Villegas explains what's covered in these programs.  Continue Reading

• How does Latentbot use obfuscation in its attacks?

  Latentbot malware has layers of obfuscation that makes it hard to detect. Expert Nick Lewis explains how its process works, beginning with a phishing email, and how to stop it.  Continue Reading

• How does Rekoobe Linux malware spread and avoid detection?

  A hard to detect type of Linux malware, Rekoobe, can download files to user systems. Expert Nick Lewis explains the malware's key functionality and how to mitigate attacks.  Continue Reading

• How did simple Pro POS malware attack businesses?

  Pro POS, a new type of POS malware, has simple operations and is easy to obtain. How was it so successful against businesses? Expert Nick Lewis explains how it can be prevented.  Continue Reading

• ProxyBack malware: How does it affect Internet proxies?

  ProxyBack malware turns infected user systems into Internet proxies, which can obfuscate the attack source. Expert Nick Lewis explains how the malware works, and its purpose.  Continue Reading

• How does SlemBunk collect Android user credentials?

  An Android Trojan called SlemBunk is impersonating banking applications in order to collect user credentials. Expert Nick Lewis explains the security measures to stop this malware.  Continue Reading

• TLS encryption: Why did the PCI SSC push back the deadline?

  The PCI SSC extended the deadline for organizations to update TLS encryption standards before announcing PCI DSS 3.2. Expert Mike Chapple examines the motivation behind this move.  Continue Reading

• How will the FTC lawsuit against Wyndham affect enterprises?

  A recent FTC lawsuit against Wyndham Hotels highlighted concerns for enterprises that have suffered a data breach. Expert Mike Chapple discusses the case and its takeaways.  Continue Reading

• Are biometric security systems regulated by compliance standards?

  Biometric security systems come with many advantages, but do they also come with many regulations? Expert Mike Chapple discusses biometric authentication compliance.  Continue Reading

• How did MongoDB database misconfiguration lead to exposure?

  Open source NoSQL MongoDB database faced 30,000 insecure instances. Expert Michael Cobb explains the misconfiguration that led to this, and how to prevent it with other programs.  Continue Reading

• How can common mobile application security risks be reduced?

  A new Veracode report offers details on common mobile application security risks. Expert Michael Cobb explains these flaws, and what developers can do to reduce them.  Continue Reading

• Is a cryptographic algorithm behind Juniper's backdoor?

  Juniper firewall products were found to have two backdoor vulnerabilities. Expert Michael Cobb explains how a cryptographic algorithm and hardcoded password enabled this to happen.  Continue Reading

• How can Kerberos protocol vulnerabilities be mitigated?

  Microsoft's Kerberos protocol implementation has long-standing issues with its secret keys. Expert Michael Cobb explains how to mitigate the authentication vulnerabilities.  Continue Reading

• How did AVG Web TuneUp expose user data?

  The AVG Web TuneUp browser extension, advertised as a way to control user privacy, exposed Chrome users' personal data. Expert Michael Cobb explains how this happened.  Continue Reading

• Will the Neiman Marcus data breach lawsuit set a precedent?

  The Neiman Marcus data breach lawsuit was appealed and it could set a precedent for the victims of data breach lawsuits in the future. Expert Mike O. Villegas explains.  Continue Reading

• Could a security pledge replace security awareness training?

  Some universities use a security pledge so that students commit to good cybersecurity practices. Mike O. Villegas discusses whether this might work for enterprise employees.  Continue Reading

• The merger and acquisition process: How can organizations stay secure?

  Organizations dealing with the complicated merger and acquisition process can't forget about security. Unfortunately, security presents a whole new set of obstacles.  Continue Reading

• What should candidates expect in interviews for CISO jobs?

  When candidates prepare for a CISO job interview, they should know the answer to 12 specific questions. Expert Mike O. Villegas reviews the questions.  Continue Reading

• How can Vonteera adware be prevented from disabling antimalware?

  Vonteera adware has the ability to disable antimalware software on endpoint devices. Expert Nick Lewis explains how enterprises can prevent this attack.  Continue Reading

• ModPOS: How can enterprises defend against POS malware?

  ModPOS, a new POS malware, compromised millions of credit card accounts in 2015. Expert Nick Lewis explains how cybercriminals use this malware and what can be done to stop it.  Continue Reading

• Can credit card hacking be stopped with Chip and PIN alone?

  Amex cards have been discovered to be vulnerable to credit card hacking. Expert Nick Lewis explains how this happens, and what can be done about Chip and PIN security.  Continue Reading

• How does the banking Trojan Dyreza exploit Windows 10?

  A variant of banking Trojan Dyreza has begun to target Windows 10. Expert Nick Lewis explains the new attack functionalities, and Windows 10 and user vulnerabilities.  Continue Reading

• How did remote access Trojan GlassRAT evade detection?

  A remote administration tool like GlassRAT can go undetected for long periods of time. Expert Nick Lewis uncovers how this type of malware works and affects corporations.  Continue Reading

• How can BGP hijacking be detected and prevented?

  What is BGP hijacking or IP hijacking and how do cybercriminals pull off the attacks? Expert Michael Cobb explains how enterprises can mitigate these risks.  Continue Reading

• Is eDellRoot certificate vulnerability an isolated problem?

  Is the Dell eDellRoot security threat a serious problem and, if so, can it be prevented with self-signed root certificate authorities? Expert Michael Cobb explains the potential threats.  Continue Reading

• What does 'FIPS 140-2 Level 2 certified' mean for security?

  What does FIPS 140-2 Level 2 certification for devices cover? Expert Michael Cobb explains the FIPS 140-2 security standard and how vendors use it in their claims.  Continue Reading

• How does the M-Pesa service work and what are the risks?

  How does mobile microfinancing service M-Pesa allow users to make transactions without a bank account? Expert Michael Cobb explains how it works and M-Pesa security measures.  Continue Reading

• What HTML5 security measures do enterprises need to take?

  With HTML5 taking over as the preferred technology over Adobe Flash, Flash content's days are numbered. Expert Michael Cobb discusses HTML5 security and features for developers.  Continue Reading

• What are the rights of medical ID theft victims under HIPAA?

  The rights of medical identity theft victims have been confused by health providers, but the rules under HIPAA are actually quite clear. Expert Mike Chapple explains.  Continue Reading

• How can small companies ease the PCI compliance burden?

  Smaller organizations have a tougher time handling the compliance burden, specifically from the PCI DSS requirements. Expert Mike Chapple has some advice for small businesses.  Continue Reading

• What are the proposed financial cybersecurity regulations from DFS?

  The New York State Department of Financial Services announced plans to increase cybersecurity regulations for financial firms. Here's what they need to know about the regulations.  Continue Reading

• Personal email servers: What are the security risks?

  Hillary Clinton has taken much criticism over the use of a personal email server. Expert Michael Cobb explains the risks of shadow IT email and what enterprises can do about them.  Continue Reading

• How can Millennials enter cybersecurity careers in the enterprise?

  Getting younger generations interested in cybersecurity careers isn't that hard, but it does require the industry to put effort into education. And enterprises should lead the way.  Continue Reading

• What are the differences between active boards and passive boards?

  Both active and passive boards of directors have different approaches to handling cybersecurity within their organizations. Here's how to tell which type you have.  Continue Reading

• Cybersecurity budget: What are the top priorities after a breach?

  After an incident, a cybersecurity budget usually starts to feel the pressure. Identifying the top security priorities for the organization can help alleviate the budgetary stress.  Continue Reading

• What are the best risk assessment frameworks?

  A recent survey indicated an increased use of risk assessment frameworks among enterprises. Here's why it's important to choose the right framework for your organization.  Continue Reading

• Evil maid attacks: How can they be stopped?

  What is an 'evil maid' attack and how can enterprises prevent it? Expert Nick Lewis explains the threat and the precautions employees should take when traveling.  Continue Reading

• How does YiSpecter affect non-jailbroken iOS devices?

  New mobile malware can affect both jailbroken and non-jailbroken iOS devices. Expert Nick Lewis outlines the threat posed by YiSpecter and how to stop it.  Continue Reading

• How can Internet hijacking be prevented or mitigated?

  An advanced persistent threat group used satellite Internet connections to mask its attacks. Expert Nick Lewis offers advice for preventing these types of schemes.  Continue Reading

• Malware-free attacks: How can enterprises stop them?

  New research shows that threat actors are "living off the land" and infiltrating corporate networks using malware-free attacks. Expert Nick Lewis explains how this is done.  Continue Reading

• How can a malicious C&C server remain undetected?

  A command and control server for the "Gh0st" malware campaign went undetected for two years, according to security researchers. Expert Nick Lewis explains how it happened.  Continue Reading

• How can a DMARC policy improve email security?

  Major email providers are adopting DMARC policies to reduce spam. Expert Michael Cobb explains how DMARC works and why it's is a good thing for email security.  Continue Reading

• What's the difference between two-step verification and 2FA?

  The terms two-step verification and two-factor authentication are used interchangeably, but do they differ from one another? Expert Michael Cobb explains.  Continue Reading